headers/modsecurity/rules_properties.h - temporary prevent (O)n issue… #1667
Conversation
… while parsing modsec rules - this should fix owasp-modsecurity#1663
|
Hi @vaLski, Thank you for the patch. Disable the rule id duplication may not be the right approach here as it is necessary due to other reasons. Also, the integer comparison inside the loop should not be the responsible for the numbers on #1663. It may trigger a problem in a race condition, but the problem is likely to be elsewhere. Therefore, I am closing this issue without merge. |
|
@zimmerle I totally agree that disabling this code is not the best approach to solve this issue. Hence my C skills are limited this was the easiest approach for me to try. Despite that fact, I am sure that this is the code that is triggering the issue I described in #1663 and more specifically the problem with the slow syntax check (nginx -t) and slow nginx start/reload. Since I applied this patch (code comment) I am not experiencing this issue. Try this with 3k mod security rules and 1000+ vhosts and you will see that too. I bet a beer this is the code that is causing the slowdown during start/restart/reload/configtest. |
|
x-ref: #1735. |
… while parsing modsec rules - this should fix #1663